玖涯软件开发|java/go/python

Spring Security Update to Spring Boot 2.2.6.RELEASE

Update to Spring Boot 2.2.6.RELEASEComment From: spring-projects-issuesFixed via e3c3601cf67aca876a45c9be52c4a0be9ba1ee2...

Spring Security Update to Reactor Dysprosium-SR6

Update to Reactor Dysprosium-SR6Comment From: spring-projects-issuesFixed via dbdf02e86441efdc33e85a3fd3c75dc9bded68c0

Spring Security Update tests to use absolute paths

SummaryThe changes made for spring-projects/spring-framework#24556 in Spring Framework 5.2.4 break our tests that do not...

Spring Security Update to Spring Framework 5.2.5

Update to Spring Framework 5.2.5Comment From: spring-projects-issuesFixed via 6a9585dc0d7dd89c7af9d9b21867aec299d1b783

Spring Security SEC-2934: Support OpenID Connect

Scott Rossillo (Migrated from SEC-2934) said:About OpenID Connect:bq. OpenID Connect 1.0 is a simple identity layer on t...

Spring Security SEC-2958: README.adoc update to Spring 4

Sebastian Hähnel (Migrated from SEC-2958) said:README.adoc mentions "Spring Security 3.1 requires Spring 3.0.3 as a mini...

Spring Security Duplicate Vary headers after enabling CORS filter

SummaryI have noticed strange behavior when requesting a static resource with GET, while having the cors filter enabled ...

Spring Security .antMatchers(HttpMethod.POST, "/login").permitAll() is not working

Hello,I am trying to enable a POST authentication api as per below but all requests are gettig a 401:@Overrideprotected ...

Spring Security BasicAuthenticationConverter does not handle invalid headers

If you take a look at BasicAuthenticationConverter.java @ convert(HttpServletRequest request), around line 90, you'll se...

Spring Security HttpServletRequest.logout() not functioning

SummaryFail to logout in a Spring MVC Controller via HttpServletRequest.logout().@Controller@RequestMapping(value = &quo...

Spring Security SpringTestContext returns ConfigurableWebApplicationContext

SummarySpringTestContext returns ConfigurableWebApplicationContext. This will allow for using it to create a MockMvc ins...

Spring Security OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider

The OAuth2LoginAuthenticationProvider performs most of the same logic that exists in OAuth2AuthorizationCodeAuthenticati...

Spring Security SEC-2977: AnonymousAuthenticationFilter.createAuthentication() creates passes incorrect value to the constructor of AnonymousAuthenticationToken

Jacob Lu (Migrated from SEC-2977) said:The following code passes userAttribute.getPassword() to the principal field of A...

Spring Security java.lang.IllegalArgumentException: serverWebExchange cannot be null when using WebClient with client_credentials

SummaryFrom my service I am performing http calls to an external service OAuth2 protected. The flow that we are using fo...

Spring Security Broken links found in doc

I happened to found some links broken about ClientRegistration in "oauth2-login.adoc".I fixed these in the https://githu...

Spring Security Use HTTP Basic Auth with OAuth2 login at the same time

SummaryIs it possible to configure HTTP Basic Auth for a group of paths and OAuth2 for the rest of the application?Actua...

Spring Security SEC-2903: Expire a session via the SessionRegistry interface

Kazuki Shimizu (Migrated from SEC-2903) said:I want to expire a session via the SessionRegistry interface as same as Ses...

Spring Security Spring webflux security form login not working, '/login' page 404 not found.

SummaryI've already configured SecurityWebFilterChain to enable formLogin in a Spring Cloud Gateway application, but whe...

Spring Security WebSecurity#ignoring() doesn't have an effect

SummaryWhen you set web.ignoring().antMatchers("/resources/**") filters are still applying to "/resources/" containing U...

Spring Security SwitchUserFilter vulnerable to CSRF

SummaryIt seems the SwitchUserFilter responds to all HTTP methods, making it vulnerable to CSRF attacks. Actual Behavior...

上一页下一页

1
…
713
714
715
716
717
…
2246

.